maritime cargo security presented by: russ clement (deputy pm) space and naval warfare systems...

Maritime Cargo SecurityPresented by: Russ Clement (Deputy PM)

Space and Naval Warfare Systems Center – PacificTechnical Point of Contact: [email protected]

Advanced Container Security Device (ACSD) Program –CommunicationsSponsored by Department of Homeland Security (DHS),

Ken Concepcion Program Manager

November 17, 2010San Diego, CA

1

Maritime Cargo Security (panel 7)

2

Container Stuffing/ Sealing

Dray to Terminal

Foreign port Terminal

Ocean

Commerce

US port Terminal

DeconsolidationInland Dray or Rail Transport

= Data Read Locations

= Secure FNAD

DHS S&T is Developing Technical Requirements and Supporting Docsfor Monitoring Cargo Security from Point of Stuffing to Deconsolidation

Security Device

(SD) Requirements

Electronic Chain of Custody(ECoC) Device

Requirements

Marine Asset Tag Tracking

System (MATTS)

Requirements

Interface Control

Documents (ICDs)

(2)

Network Access Device

Requirements

Network Security and Encryption

All documents completed and released to DHS in November 2010

Test and Evaluation

Master Plans(TEMPS)

(5)

Physical, Software and Protocol

Hardware/Devices


3

All Three Requirements (SD, ECoC and MATTS) Feature:

• Open Network Architecture using IEEE Standard 802.15.4-2006 for Wireless Links • Support for both Commercial and Security-Purposed Messaging• Support for Existing Wireless Commercial Products for Backhaul (SAT/CELL) • Support for New Commercial Products for Network Extension (Routing)• End-to-end Encryption for Network Security• Validated Sensor and Network Protocols supported by Field Tests and International

Pilots Including:

Government Applications Commercial Applications

Japan to US (MATTS, 2008-2009) China To US (SD+MATTS, 2010 on-going) Secure Corridors (ECoC + MATTS ,APEX 2011)

Applicable from Government to Commercial

4


Security Device or Sensor

(on-conveyance)

Sensing Phenomenology Data Process

On-board OS Application with Encryption

OS Application Interface to ICD

ICD-Implemented

Network Discovery and Logical Addressing

ICD –Implemented

Communication, End-to-end Connection and Reliability

IEEE 802.15.4

2.4 GHz ISM Band Channel Use-age per ICD

Network Access Device (NAD)

ICD-implemented Route Management

IP Packet Routing

< --ICD to IP-->

(convert ‘15.4 data frame to IP packet)

< --IEEE 802.15.4

802.3 Ethernet -- >

< --2.4 GHz ISM Band –Ethernet -- >

External Device for Cell/SAT/Routing and GPS

Supplemental Sensing Phenomenology Data Process for Custody Functions (optional)

OS application w/encryption

OS application interface to ICD

ICD-Implemented

Network Discovery and Logical Addressing

ICD –Implemented

Communication, End-to-end Connection and Reliability or Routing

IEEE 802.15.4

2.4 GHz ISM Band Channel Use-age per ICD

Command Center or Handheld User Interface

Command Applications

MS, UNIX or LINUX OS Applications Interface with Encryption

MS, UNIX or LINUX TCP/IP Interface

TCP

IP

Ethernet Interface

Ethernet Cable

Layer

Application

Presentation

Session

Transport

Network

Physical

Data Link

OSI Model of Security Device Network

Red = Proprietary Technology, Green = Open Architecture

Government/Commercial Opportunities

Hardware Products• Sensors• Network Devices• Hand Held Readers

System Implementation Services• Ports• Shipper’s Facilities• Factories

Software Products• Device OS/APIs• Malware Mitigation Tools• Site Implementation Tools

Network Security Services• On-site• Enterprise Wide

Operations and Maintenance• Data Services• Command Centers• Logistics (fee for service)

Training• Operations• Technical Support• Network Security


TAKE-AWAY’s

• New Cargo Security Technical Requirements in Review at DHS Features open network architecture Defines protocols for network discovery and message transfer Defines uniform message format Promotes value added functions

• Supports Cargo Security and Electronic Chain of Custody Applications Cargo Security – Autonomous capability to detect door openings or removal (either door) Chain of Custody – Autonomous monitoring of physical locking mechanism of the conveyance door and location of conveyance.

• Robust Primary Wireless Link is IEEE Standard 802.15.4-2006 MAC and PHY Supports security and commercial services Allows for existing commercial backhaul products/services (CELL/SAT/Routing) Supports end-to-end encryption on un-trusted networks.

• Designed for Global Application 2.4 GHz ISM Band Low cost commercial-grade radios Exportable encryption (AES 128 and possibly in future 256)

5